
Re: pf compatibility w/ other unix OS



On Mon, Jun 03, 2002 at 01:45:52PM +0800, Lars Hansson wrote:
> Like?

  Load balancing.
  
  Per-IP rate limitation.
  
  FTP/FXP stateful firewalling.
  
  IRC stateful firewalling.
  
  SNMP stateful firewalling.

  RPC stateful firewalling.
  
  Talk stateful firewalling.
  
  TFTP stateful firewalling.
  
  ARP packets filtering.
  
  Stealth matching (matches ports where no server is listening).
  
  Substring matching.

  Eggdrop stateful firewalling.
  
  TOS mangling.

  TTL mangling.

  Per-MAC address filtering.
  
  IP options stripping.
  
  Static 1:1 mapping.
  
  Hosts pools.
  
  Very flexible filtering against packet states (invalid, established, new,
related, snat, dnat, expected status, remaining lifetime...)

  Matching against packet length and time.
  
  Portscan match.
  
  Network quotas.
  
  Random match.
  
  Ability to send ICMP unreachable messages from fake IP addresses.
  
  Lists of recently seen IP addresses.
  

  Most of them are not very useful, though.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j_(_at_)_42-Networks_(_dot_)_Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/